IPCop Linux is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. By implementing existing technology, outstanding new technology and secure programming practices IPCop is the Linux Distribution for those wanting to keep their computers/networks safe.

*Multiple “Real” IP supported on RED when using a Static IP base.
*DHCP client support on RED to receive IP from ISP, also support for a dynamic DNS to be updated as this IP changes.
*DHCP server for GREEN and BLUE to simplify network setup and maintenance.
*NTP server and client for setting IPCop clock and supplying a common clock for internal GREEN and BLUE networks.
*Intrusion Detection for ALL networks (RED, ORANGE, BLUE and GREEN)
*Vitural Private Network (VPN) to allow multiple sites to act as single large network.
*Proxy Support for both Web Surfing and DNS support allow for “faster” connection response on and simplified network setup.
*Administration after initial load is via a secure Web Interface including:
oPerformance Graphics for CPU, Memory and Disk as well as Network throughput
oLog viewing with autorotation.
oMultiple language support.

*Use of older equipment. 386 or better. Version 1.4 has been tested on 486sx25 with 12M of RAM and 273M of hard drive. This was the oldest and smallest we could find we could find at the time of test. It was loaded via the Net Install option and supported a full Cable Modem download speed of 3Mb/s.

Click to expand...

Administration is done over an easy-to-understand web interface. And the best is: you can use old hardware for it (e.g. PentiumI with 32MB RAM and 800MB HDD)!

Yes, nice read. I was just reading over at the main page while looking for a DNS client for linux. It also support dynmic IP update at ZoneEdit and others. I think, once I have The webserver box stable, this is my next project.

PS. LOL, I didn't realize this thread was old. But would like to get users input though.

Its a good distro for firewalling. But if you really want to stay EVEN more secure, use distros (this may get me in trouble for EVEN mentioning this ) such as backtrack linux and the hackthissite gentoo live cd <-- hard to find. I know that i will get some dirty looks by saying this, but i have used the HTS live cd to search for security vulnerabilities in the past. It has about 50 programs that promote port scanning and the such, and they are all in the popular network languadges. It also comes with 200+ tutorials, so that you will never be stuck. To you the programs properly, you must scan/search/look for, a certain hole or "glitch" or vulnerability. The best way to go are with scanners that pick up real time info on what data is being transferred via the servers. Me and my friends have realized that if you use this on you're own system, you can fix up alot of problems very quick. Oh and Hackthissite was hacked and all its users passwords were stolen, so it proves that you can never be too safe . And the HTS live cd can be found on pirate bay.org.

Hey people, I'm very much interested in on this topic and want to contribute a little.
Talking about ipcop, I think in my opinion it's the only firewall I was able to setup and play with. My quest for knowledge on firewalls came when I decided to host my own server (web/ftp/email/hosting) at home. For sometime, I couldn't find any ready made distro/firewall like ipcop so i tend to go with smoothwall express (http://www.smoothwall.org ).It was brilliant but they wouldn't support my Alcatel USB modem. I tried all the patches and everything, yet the same. I got their latest version of express codenamed Grizzly, which for some reason worked after one patch but it was a beta version and they've been quiet slow with update and more stable version.

Then I found IPCOP, it met all my needs and was easy to intall. Falko as you can see, I dropped you and email but you asked if i could put it up here. I don't know which forum is the best to post my stuff. Can you help?

I have an IPCOP box working fine. On the orange I've connected a box which will be my server. I installed Fedora Core 5 and assigned ipaddress 192.168.1.1 and on the Orange interface on the IPCOP the ip is 192.168.1.0 all with subnetmask of 255.255.255.0.

My question: when I try to connect to the internet it report an error : page cannot be found.

I put my IPCOP ip as the gateway to see if that will solve the problem but to my dismay, it's still the same error. I do not know if I have to do something somethere to fix this error.

If i get help with this I can go on to install my server this weekend. Can I also use you howto guide for fedora core 5 x86_64 for just a x86 install as you mentioned that you'll need a tweak.

I have an IPCOP box working fine. On the orange I've connected a box which will be my server. I installed Fedora Core 5 and assigned ipaddress 192.168.1.1 and on the Orange interface on the IPCOP the ip is 192.168.1.0 all with subnetmask of 255.255.255.0.

Click to expand...

You cannot use 192.168.1.0 as IP address, it's reserved (network address), the same goes for 192.168.1.255 (broadcast address). Use another one.

I like IP-Cop to.I used it quite some time ago and it works great on a very old computer (~300MHz/~196MB RAM/~100 computers).The only thing I'd need is an interface for setting/changing Ip Tables firewall rules.
Does anyone know of an extension for IP-Cop (or some other way),which makes it possible?

Leszek - The only thing I'd need is an interface for setting/changing Ip Tables firewall rules. Does anyone know of an extension for IP-Cop (or some other way),which makes it possible?

--------------------------------------------------

Answer ... you need these two addons … for your IPCOP

1. BlockOutTraffic-3.0.0-GUI-b2

This addon is complicated & confusing in its rule writing ... but unlike its title suggests ... it is not just for blocking Out-Bound-Traffic. This addon has no major bugs … installs perfectly on most versions of IPCOP … and is a complete by-directional rule writer. As an extra BONUS (one of the few that can) … this addon handles every kind of IP format range. You can be very specific with your rules. Many have asked similar questions about how to block certain IP-ranges within their intranets. With this addon you can rule in or out almost anything.

Note. For those taking this addon to the extreme … IP-Tables may only handle about 2500 rules before the rules go crazy … found this out personally using “BlockOutTraffic-3.0.0-GUI-b2” and “Iptablesgui-ipcop-0.1.0.

2. Iptablesgui-ipcop-0.1.0

With this addon you can see … in near real-time (as fast as you can click it)… exactly how your rules appear in IP-Tables. Modify the rules in BlockOutTraffic and then view this addon to see how they look. This is a very handy addon, overall … less any outside connections attempts (see below).

--------------------------------------------------

Iptablesgui --- For the more serious IPCOP users … References to an update within the cgi page … that doesn’t exist from the parent company … could be removed. Removing the update reference calls from the page increases the refresh speed of the page a little … and perhaps improves security of your IPCOP as well.

After you have successfully installed “Iptablesgui-ipcop-0.1.0” …

If you leave your iptablesgui.cgi … default, the way it is … when you refresh the Iptablesgui page …

… your IPCOP will try to make a connection to … 87.169.30.220 "p57A91EDC.dip0.t-ipconnect.de"

If you modify “iptablesgui.cgi” … IPCOP will not make any UN-necessary outside connections when refreshing the Iptablesgui page!!! Below … is a copy of “iptablesgui.cgi” with REM Statements “#” inserted before the update checks.

Attached Files:

this may sound stupid, but I cannot seem to find the link to download the ISO for IPCop!! When I go to ipcop.org, and click the download tab, i see the tgz files... ipcop-1.4.21-update.i386.tgz.gz and ipcop-1.4.21-sources.tgz...